
Trilead SSH2 Java implementation found in Fedora Repository

Quite a while back I wrote a Java program that creates a tunnel to a Linux server running squid, thereby allowing you to proxy to your own server over SSH.  This is one of the few pure Java implementations of SSH2 that I know of and definitely one of the easiest to use.  I am a hack, not a developer, and I was able to use the Trilead SSH2 classes.  Unfortunately Trilead decided to stop development on the SSH2 Java library.  When they did this I no longer knew how to tell people where to get the Java code that they once allowed anyone to use.  Well, today I discovered (while looking for the Java plugin for Firefox and Chrome) that it's there in the Fedora repository (trilead-ssh2.noarch).

After searching through the Fedora repository I found that the Trilead package was owned by “robmv” (couldn't find much more info on him), who also owned the ganymed-ssh2 package, which just happens to be the very same code that Trilead was distributing.  So now I can point you to the original source of this SSH Java implementation library.  It was originally written by Dr. Christian Plattner during his PhD at ETH Zurich.  You can download straight from the ETH Zurich ganymed-ssh2 page (for now at least).  It looks like they are referring everyone to a new page for support, http://www.cleondris.ch, which was not responding when I tried it.

Just in case the links above do not work or you can’t find it in the repository I am archiving the rpm from the repository and the zip from ETH Zurich here.

ganymed-ssh2-build210

trilead-ssh2-213-8.fc15.noarch.rpm

Locks: Basic operation and manipulation – YouTube

This is a step by step course in the basics of how locks work and how we pick them open.

via Locks: Basic operation and manipulation – YouTube.

Management 414: SANS® +S™ Training Program for the CISSP® Certification Exam

I am teaching/mentoring the SANS CISSP examination course starting May 5, 2011 and going until July 7th, 2011.  The class will be held one night a week for two hours for ten weeks.

This class will prepare you to take the local exam in Kansas City on July 23rd.

To register for the course click on this link:  http://www.sans.org/mentor/details.php?nid=24584

Register for the exam here:  July 23rd CISSP Exam in Kansas City

From the SANS Website:

Over the past 4 years, 98% of all respondents, who studied our SANS® +S™ Training Program for the CISSP® Certification Exam and then took the exam passed; compared to a national average of around 70% for other prep courses.

SANS® +S™ Training Program for the CISSP® Certification Exam is designed to prepare you to pass the exam. This course is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the ten domains of knowledge as determined by (ISC)².

Each domain of knowledge is dissected into its critical components. Every component is discussed showing its relationship to each other and other areas of network security. After completion of the course the student will have a good working knowledge of the ten domains of knowledge.

Note: The CISSP® exam is NOT provided as part of the training. The GISP exam offered by GIAC is NOT the same as the CISSP® exam offered by (ISC)².

You Will Receive With This Course:

Free “CISSP® Study Guide” by Eric Conrad, Seth Misenar and Joshua Feldman.

Who Should Attend

  • Security professionals who are interested in understanding the concepts covered in the CISSP® exam as determined by (ISC)²
  • Managers who want to understand the critical areas of network security
  • System, security, and network administrators who want to understand the pragmatic applications of the CISSP® 10 Domains
  • Security professionals and managers looking for practical ways the 10 domains of knowledge can be applied to the current job
  • In short, if you desire a CISSP® or your job requires it, MGT414 is the training for you. Get GISP Certified: reinforce what you learned in training and prove your skills and knowledge with a GISP certification.

CISSP exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP exam.

Using NSS certutil tool

List all certificates in the NSS database located at /etc/httpd/alias/
certutil -L -d /etc/httpd/alias/

List the details of the certificate with the nickname "alpha"
certutil -L -n "alpha" -d /etc/httpd/alias/

Add certificate "liberterra.com.crt" to the NSS database in /etc/httpd/alias with the nickname "www.liberterra.com" and the trust flags "p,p,p"
certutil -A -n www.liberterra.com -t "p,p,p" -i liberterra.com.crt -d /etc/httpd/alias/

Verify (-V) that the certificate with this nickname is valid for the usage given by -u (C = SSL client)
certutil -V -n 'www.liberterra.com - GoDaddy.com, Inc.' -u C -l -d /etc/httpd/alias/

ISACA Presentation: Network Penetration Testing and Ethical Hacking

Come out to the ISACA meeting in Kansas City on September 9th to see my presentation on Network Penetration Testing and Ethical Hacking.

Time: 11:30 AM – 12:00 PM Registration | 12:00 – 1:00 PM Lunch | 1:00 – 3:00 PM Program
Location: Figlio’s Tower | 209 West 46th Terrace | Kansas City | MO | 64112

http://isaca-kc.org/Chapter%20Meetings/20100909%20Presentation.pdf

SANS 560: Network Penetration Testing & Ethical Hacking – Kansas City

I am teaching/mentoring the SANS 560 course starting October 7, 2010.  Use the discount code “mentor15” to get a 15% discount when signing up.

Signup:  http://www.sans.org/info/55868

Here is the SANS announcement:

Starting October 7th, SANS will be running Security 560: Network
Penetration Testing and Ethical Hacking in Kansas City, MO. This course
will be taught by SANS Mentor Daryl Fallin.

Attendees will learn how to perform detailed reconnaissance, learning
about a target's infrastructure by mining blogs, search engines, and
social networking sites. Students will utilize numerous tools in hands-on
exercises in our lab environment. The class also discusses how to prepare
a final report, tailored to maximize the value of the test from both a
management and technical perspective. For complete event details visit
http://www.sans.org/info/55868.

When: October 7 - December 16, 2010 (Class meets once a week from
6:00-8:00PM on Thursdays)

CPEs: 36

GIAC Certification: GIAC Certified Penetration Tester (GPEN)

Tuition: $2695, which is a $400 savings when you register early at
http://www.sans.org/info/55868

For group discounts please contact mentor@sans.org.

What is the SANS Mentor Program: http://www.sans.org/info/57693

The SANS Mentor Program offers you local, live training over the course of
ten weeks. This format allows students to understand, apply and digest
the material each week and return with any questions at the next class
session. Mentor classes are smaller classes which gives students the
opportunity to directly interact with each other and the Mentor in a
hands-on environment.

With local training from SANS Mentor you save on travel expenses, time
away from work, family and save on average 25% on the tuition cost. If
you have a limited training budget this SANS Mentor class will get you the
knowledge you need at savings you can use.

If this sounds like the kind of local, live training you can use please
register today at
http://www.sans.org/info/55868.

SSH Tunnel Java Client

Sometime around 1999 I realized that there are many instances where you will want to browse the Internet without the ISP, hotel or even the company you work for being able to see the sites you visit. This is not a unique idea and has now become almost a mainstream activity of security-minded individuals. But I wanted things to be simple, so I created a small Java program to do the client side work for me. It not only creates an SSH tunnel when outbound port 22 is open, but can also work through a proxy or firewall that only allows SSL traffic (port 443) out to the Internet.

Download Java SSH Tunnel Tool

What you need:

Server that has an SSH server and a proxy. (I am using the squid proxy)
Ability to enable SSH to listen to port 443 (simple sshd_config setting on linux using openssh)
If your company, hotel, etc uses an authenticated proxy. You will need to know the IP address of the proxy and the credentials used.

I am using a server that is hosted by linode.com. This server is a CentOS 5.4 server with a very basic linux install with openssh server and squid installed.

First you need to make sure that your ssh server is working. As long as you know it answers on port 22 as it does by default then you are ready to move on to the next step.

Make the SSH server listen on port 443.

Edit /etc/ssh/sshd_config (location on CentOS 5.4)
Uncomment the line '#Port 22' if it is commented.
Add the line 'Port 443'
Your sshd_config file should now have the following lines:

Port 22
Port 443

Restart the ssh server.
On CentOS: service sshd restart
On most other linux systems you can use: /etc/init.d/sshd restart

Try to connect to your ssh server on port 443 (substitute your username and IP address as appropriate):
# ssh -l username -p 443 10.10.10.10

If you can connect to your ssh server on port 443 then you are ready to go onto the next step.

Using the LiberSSH2.jar client.

Download the Java SSH client LiberSSH2.jar from here.

Run the LiberSSH2.jar file. This should work with Mac, Windows or Linux. The LiberSSH2.jar file is a runnable jar, so you should be able to just run it by double clicking.

If it does not run, then try the following: 'java -jar LiberSSH2.jar'

Detail information about the client fields:
Hostname: Server that is running your ssh server and proxy
Username: Username for above server
Password: Password for above username
Proxy Server: This is if you have a local proxy or firewall that you must use to get out to the internet.
Proxy Port: Proxy port that the above Proxy server uses.
Proxy Username: Username for the above proxy server. This is needed if your company proxy server uses an authenticated proxy server.
Proxy Password: Password for above Proxy Username
Local Port: This is the port that your tunnel will be bound to. Connections to this port on localhost (127.0.0.1) are carried over the tunnel to port 3128 (squid) on your server. (I will allow the remote port to be changed in future releases.)
Use Proxy checkbox: Check this if you have to use a proxy to get out of your current network (work environment).
Login Button: Press to login
Logout Button: Press to logout.
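The client fields above map almost one to one onto the ganymed-ssh2/Trilead API. The following is an added example written for this page, not the LiberSSH2 source and not code from the ganymed or Trilead projects. It assumes the ganymed package names (ch.ethz.ssh2; Trilead ships the same classes under com.trilead.ssh2), that sshd answers on the port given and squid listens on 127.0.0.1:3128 at the server end, and that ~/.ssh/known_hosts holds the server's host key in OpenSSH format. The hypothetical class name SquidTunnel and the local port 8080 are this example's choices. Unlike a GUI "just connect" client it refuses an unknown or changed host key, which is the check that keeps a port-443 tunnel through a hostile network from being silently intercepted.

```java
import ch.ethz.ssh2.Connection;
import ch.ethz.ssh2.HTTPProxyData;
import ch.ethz.ssh2.KnownHosts;
import ch.ethz.ssh2.LocalPortForwarder;
import ch.ethz.ssh2.ServerHostKeyVerifier;

import java.io.File;
import java.io.IOException;

/**
 * Squid-over-SSH tunnel on the ganymed-ssh2 API (example code, not LiberSSH2).
 * Assumed: sshd reachable on the given port, squid on 127.0.0.1:3128 server-side,
 * server host key already present in ~/.ssh/known_hosts.
 */
public class SquidTunnel {

    static final int REMOTE_SQUID_PORT = 3128;

    /** Holds both halves of the tunnel so they can be torn down together. */
    static final class Tunnel {
        final Connection conn;
        final LocalPortForwarder forwarder;

        Tunnel(Connection conn, LocalPortForwarder forwarder) {
            this.conn = conn;
            this.forwarder = forwarder;
        }

        void close() throws IOException {
            forwarder.close();
            conn.close();
        }
    }

    /** Accepts only a host key already recorded in known_hosts; unknown or changed keys abort the connection. */
    static ServerHostKeyVerifier knownHostsVerifier(File knownHostsFile) throws IOException {
        final KnownHosts knownHosts = new KnownHosts(knownHostsFile);
        return new ServerHostKeyVerifier() {
            public boolean verifyServerHostKey(String hostname, int port,
                                               String algorithm, byte[] key) throws Exception {
                // OpenSSH records non-22 ports as "[host]:port"; look the entry up the same way.
                String name = (port == 22) ? hostname : "[" + hostname + "]:" + port;
                int result = knownHosts.verifyHostkey(name, algorithm, key);
                String fingerprint = KnownHosts.createHexFingerprint(algorithm, key);
                switch (result) {
                    case KnownHosts.HOSTKEY_IS_OK:
                        return true;
                    case KnownHosts.HOSTKEY_IS_NEW:
                        System.err.println("Unknown host key for " + name + " (" + fingerprint
                                + "); add it to known_hosts out of band first.");
                        return false;
                    case KnownHosts.HOSTKEY_HAS_CHANGED:
                        System.err.println("HOST KEY CHANGED for " + name + " (" + fingerprint
                                + "); refusing to connect.");
                        return false;
                    default:
                        return false;
                }
            }
        };
    }

    /**
     * Opens the tunnel: after this returns, 127.0.0.1:localPort reaches squid on the server.
     * proxyHost may be null when no corporate proxy is in the way (the "Use Proxy" checkbox).
     */
    static Tunnel open(String sshHost, int sshPort, String user, String password,
                       String proxyHost, int proxyPort, String proxyUser, String proxyPass,
                       int localPort, File knownHostsFile) throws IOException {
        Connection conn = new Connection(sshHost, sshPort);
        if (proxyHost != null) {
            // Carries the SSH session through an HTTP CONNECT proxy; user/pass may be null.
            conn.setProxyData(new HTTPProxyData(proxyHost, proxyPort, proxyUser, proxyPass));
        }
        conn.connect(knownHostsVerifier(knownHostsFile));
        if (!conn.authenticateWithPassword(user, password)) {
            conn.close();
            throw new IOException("password authentication failed for " + user);
        }
        // Every connection accepted on localPort is forwarded over SSH to squid.
        LocalPortForwarder forwarder =
                conn.createLocalPortForwarder(localPort, "127.0.0.1", REMOTE_SQUID_PORT);
        return new Tunnel(conn, forwarder);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 4) {
            System.err.println("usage: SquidTunnel host port user password [proxyHost proxyPort [proxyUser proxyPass]]");
            return;
        }
        String proxyHost = args.length > 5 ? args[4] : null;
        int proxyPort = args.length > 5 ? Integer.parseInt(args[5]) : 0;
        String proxyUser = args.length > 7 ? args[6] : null;
        String proxyPass = args.length > 7 ? args[7] : null;
        File knownHosts = new File(System.getProperty("user.home"), ".ssh/known_hosts");

        Tunnel tunnel = open(args[0], Integer.parseInt(args[1]), args[2], args[3],
                proxyHost, proxyPort, proxyUser, proxyPass, 8080, knownHosts);
        System.out.println("Tunnel up: set the browser proxy to 127.0.0.1:8080; press Enter to close.");
        System.in.read();
        tunnel.close();
    }
}
```

Two practical notes. The password is taken from the command line only to keep the example short; a real client should read it from a GUI field as LiberSSH2 does or from `System.console().readPassword()`, since arguments are visible to other local users. And the integer overload of `createLocalPortForwarder` used here binds the listening socket on every interface in the older builds, so anyone on the same LAN could ride the tunnel; recent builds also accept an `InetSocketAddress`, which lets the listener be bound to 127.0.0.1 only.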

Base64 Encoding/Decoding – Windows Basic Authorization (NTLM)

Sometimes during a Wireshark or sniffer network capture you will come across communication where the Windows system uses Basic authentication to authenticate to the Windows domain. This often looks like “Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=”, which happens to be authentication to a proxy server. The token after “Basic” is only the base64 encoding of username:password, so anyone who captures it has the credentials.

Here is a simple command line perl to decode the base64 encoded username and password:

perl -e 'use MIME::Base64; $data = decode_base64("dXNlcm5hbWU6cGFzc3dvcmQ="); print "Decoded $data\n";'

And if for some reason you want to do a base64 encoding:

perl -e 'use MIME::Base64; $data = encode_base64("username:password"); print "Encoded $data\n";'
Encoded dXNlcm5hbWU6cGFzc3dvcmQ=
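The perl one-liners decode a single token by hand. When reviewing a capture, what you usually want is to pull every Basic credential out of the request headers and record the finding without copying the password into a report. The following is an added Java example written for this page, not code from the original post; the class name BasicAuthScanner and the sample capture (which reuses the page's token alongside a constructed NTLM token and a deliberately malformed value) are this example's own. It skips non-Basic schemes such as NTLM, whose tokens are not a reversible encoding of user:password, and masks the recovered password.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

/**
 * Scans captured HTTP request headers for Basic credentials sent in the clear,
 * decodes them and reports them with the password masked (example code).
 */
public class BasicAuthScanner {

    /** One decoded credential; the password is masked so the report itself is not a leak. */
    public static final class Finding {
        public final String header;          // "Proxy-Authorization" or "Authorization"
        public final String user;
        public final String maskedPassword;

        Finding(String header, String user, String maskedPassword) {
            this.header = header;
            this.user = user;
            this.maskedPassword = maskedPassword;
        }

        @Override
        public String toString() {
            return header + ": user=" + user + " password=" + maskedPassword;
        }
    }

    /** Decodes every "Basic" credential in the capture; NTLM, Negotiate and Digest values are skipped. */
    public static List<Finding> scan(String capture) {
        List<Finding> findings = new ArrayList<Finding>();
        for (String line : capture.split("\r?\n")) {
            int colon = line.indexOf(':');
            if (colon < 0) {
                continue;                                   // request line, blank line or body
            }
            String name = line.substring(0, colon).trim();
            String value = line.substring(colon + 1).trim();
            if (!name.equalsIgnoreCase("Proxy-Authorization") && !name.equalsIgnoreCase("Authorization")) {
                continue;
            }
            if (!value.regionMatches(true, 0, "Basic ", 0, 6)) {
                continue;                                   // NTLM/Negotiate tokens are not base64(user:pass)
            }
            String decoded;
            try {
                byte[] raw = Base64.getDecoder().decode(value.substring(6).trim());
                decoded = new String(raw, StandardCharsets.ISO_8859_1);
            } catch (IllegalArgumentException e) {
                continue;                                   // malformed base64, nothing to recover
            }
            int sep = decoded.indexOf(':');                 // RFC 7617: the first colon separates user-id and password
            String user = sep < 0 ? decoded : decoded.substring(0, sep);
            String pass = sep < 0 ? "" : decoded.substring(sep + 1);
            findings.add(new Finding(name, user, mask(pass)));
        }
        return findings;
    }

    /** Keeps the first character and the length: enough to confirm the finding without recording the secret. */
    static String mask(String secret) {
        if (secret.isEmpty()) {
            return "<empty>";
        }
        return secret.charAt(0) + "*** (" + secret.length() + " chars)";
    }

    /** The reverse direction, equivalent to the perl encode_base64 one-liner above. */
    public static String encodeBasic(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.ISO_8859_1);
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample capture: the page's Basic token, a constructed NTLM
        // token that must be skipped, and a malformed Basic value.
        String capture = "GET http://example.com/ HTTP/1.1\r\n"
                + "Host: example.com\r\n"
                + "Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=\r\n"
                + "Proxy-Authorization: NTLM TlRMTVNTUAABAAAA\r\n"
                + "Authorization: Basic not*valid*base64\r\n"
                + "\r\n";
        for (Finding f : scan(capture)) {
            System.out.println(f);
        }
        System.out.println("Encoded " + encodeBasic("username", "password"));
    }
}
```

Splitting on the first colon matters: the user-id may not contain one, but the password may, so splitting on the last colon would mangle passwords that contain ':'. Run against the sample capture, the scanner reports only the Basic header and ignores the NTLM and malformed lines.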

Portforwarding with OpenSSH (SSH)

In OpenSSH, to create a local port that forwards to a remote port without opening a shell session on the remote system:

ssh -N -l johndoe -i .ssh/id_dsa -L45432:0.0.0.0:5432 191.168.1.1

The above command uses the identity file id_dsa, suppresses the remote shell (-N), and creates local port 45432 that forwards to port 5432 (postgres) on the remote system.

This will allow the local client to connect with postgres on local port 45432 and run queries against the remote database over the encrypted SSH tunnel. This is a very secure method for database connectivity.

To create an identity file:

ssh-keygen -t dsa -b 2048

Do not enter a passphrase if you are going to use this key to connect without user interaction. If you do this you must keep the private key file protected, since anyone who obtains it can log in as that user.

Once you have the keys take the public key (id_dsa.pub) and add it to the authorized_keys file of the user you are connecting as:

For instance, if the user is johndoe on the remote system, go to johndoe’s home directory, something like /home/johndoe, then to the .ssh directory ( /home/johndoe/.ssh ) and add the id_dsa.pub key to the end of the authorized_keys file. If the file does not exist, create it and add the key. The key is only one line, so make sure that it doesn’t span more than one line.

Make sure to make the file read/write only for the owner: chmod 600 authorized_keys

Now you can log in or use the above command to create a local port to tunnel to a remote port.

Of course to log in: ssh -l johndoe -i /home/johndoe/.ssh/id_dsa 192.168.1.1

Wireless Security Terms confusing? Check out this article by e-Week

Click Here for full article: Wireless Security: A Partial Glossary of Wireless Security Terms

  • WEP (Wired Equivalent Privacy)—The old, original, now discredited wireless security standard. Easily cracked.
  • WEP 40/128-bit key, WEP 128-bit Passphrase—See WEP. The user key for WEP is generally either 40- or 128-bit, and generally has to be supplied as a hexadecimal string.
  • WPA, WPA1—Wi-Fi Protected Access. The initial version of WPA, sometimes called WPA1, is essentially a brand name for TKIP. TKIP was chosen as an interim standard because it could be implemented on WEP hardware with just a firmware upgrade.
  • WPA2—The trade name for an implementation of the 802.11i standard, including AES and CCMP.
  • TKIP—Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
  • AES—Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
  • Dynamic WEP (802.1x)—When the WEP key/passphrase is entered by a key management service. WEP as such did not support dynamic keys until the advent of TKIP and CCMP.
  • EAP—Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently there are about 40 different methods implemented for EAP. See WPA Enterprise.
  • 802.1x, IEEE8021X—The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
  • LEAP, 802.1x EAP (Cisco LEAP)—(Lightweight Extensible Authentication Protocol) A proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS and frequent reauthentication.
  • WPA-PSK, WPA-Preshared Key—Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
  • RADIUS—Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
  • WPA Enterprise, WPA2 Enterprise—A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will interoperate. The included types are:
    • EAP-TLS
    • EAP-TTLS/MSCHAPv2
    • PEAPv0/EAP-MSCHAPv2
    • PEAPv1/EAP-GTC
    • EAP-SIM
  • WPA-Personal, WPA2-Personal—See Pre-Shared Key.
  • WPA2-Mixed—Support for both WPA1 and WPA2 on the same access point.
  • authentication algorithms: OPEN, SHARED and LEAP—OPEN in this context meant no authentication; the network was open to all. SHARED refers to a preshared key. For LEAP, see LEAP.